In Enforce version 14.6, despite a successful upload of the Enrollment Bundle, the Cloud Detection Server (CDS) shows as "Disconnected".
The following is true:
Enforce version is 14.6
Issue will not occur in DLP 14.5 and prior - for 14.5 installations with issues accessing CDS, see link to TECH236383 in "Related Articles".
Enforce has been set to use an Explicit Proxy, via the "Cloud Proxy Settings", to connect to a CDS
The Enrollment Bundle is not expired, and it has been uploaded in the Enforce Console.
The following will be seen in the Enforce MonitorController log:
Feb 15, 2017 7:50:14 AM com.vontu.monitor.controller.replicatorcommlayer.applications.connection.GatewayConnector initiateConnect
WARNING: Failed in generating ConnectionIdentifierId for host: gw.csg.dlp.protect.symantec.com
Feb 15, 2017 7:50:14 AM com.symantec.dlp.services.csgconnection.ConnectionStateManager onDisconnected
INFO: Connection to ConnectionIdentifierId [id=1, hostName=gw.csg.dlp.protect.symantec.com, port=443] is terminated.
This is a known issue with regard to the specification of an Explicit Proxy in Enforce.
Symantec has released the fix for this issue - please upgrade to 14.6 MP1.
In addition, an immediate workaround is to discover the IP addresses for the Gateway to the CDS.
Using tools such as dig, or nslookup, confirm the current IPs for the gateway: